Integrate IoT Security with SIEM

Integrate IoT Security through Cortex XSOAR with SIEM to send it device details, alerts, and vulnerabilities.
Palo Alto Networks IoT Security supports security information and event management (SIEM) logging, which allows you to send information about discovered devices, security alerts, and device vulnerabilities to your SIEM server for further actions. IoT Security integrates through Cortex XSOAR with any SIEM that supports the CEF format.
After the setup is complete, you initiate an initial export of the entire device inventory from IoT Security through XSOAR to the SIEM server. After that, XSOAR requests incremental updates at 15-minute intervals. IoT Security determines if there are any newly discovered devices, alerts, or vulnerabilities, or if there are changes in any attribute fields of previously discovered devices in the past 15 minutes and, if found, responds with an update. In contrast to these periodic automated updates, IoT Security sends user-initiated commands to send security alerts and device vulnerabilities to SIEM.
After the setup is complete, XSOAR makes an initial request to IoT Security for its entire device inventory. After that, XSOAR periodically requests incremental updates at 15-minute intervals. IoT Security determines if there were changes in any of device attribute fields since the previous update and, if found, responds with a delta. XSOAR and IoT Security apply the same logic for security alerts and vulnerabilities.
Integrating with SIEM requires the purchase and activation of a third-party integration add-on. The basic integration plan includes a license for three integration add-ons, one of which can be used for SIEM. The advanced plan includes a license for all supported third-party integrations.

Recommended For You